patch 8.2.1030: reducing size of a terminal window may cause a crash

Problem:    Reducing size of a terminal window may cause a crash.
Solution:   Make sure the row and column don't become negative. (closes #6273)

diff --git a/src/libvterm/src/screen.c b/src/libvterm/src/screen.c
index e5d740b2d6ea02351aa21f4cacfc53a8ff66e115..eb90c200717ab37e6c05ec73426cee0d3a177e30 100644 (file)
--- a/src/libvterm/src/screen.c
+++ b/src/libvterm/src/screen.c
@@ -646,6 +646,12 @@ static int setlineinfo(int row, const VTermLineInfo *newinfo, const VTermLineInf
      newinfo->doubleheight != oldinfo->doubleheight) {
     for(col = 0; col < screen->cols; col++) {
       ScreenCell *cell = getcell(screen, row, col);
+      if (cell == NULL)
+      {
+        DEBUG_LOG2("libvterm: setlineinfo() position invalid: %d / %d",
+                                                                    row, col);
+       return 1;
+      }
       cell->pen.dwl = newinfo->doublewidth;
       cell->pen.dhl = newinfo->doubleheight;
     }
@@ -773,6 +779,12 @@ static size_t _get_chars(const VTermScreen *screen, const int utf8, void *buffer
       ScreenCell *cell = getcell(screen, row, col);
       int i;
 
+      if (cell == NULL)
+      {
+        DEBUG_LOG2("libvterm: _get_chars() position invalid: %d / %d",
+                                                                    row, col);
+       return 1;
+      }
       if(cell->chars[0] == 0)
         // Erased cell, might need a space
         padding++;

diff --git a/src/libvterm/src/state.c b/src/libvterm/src/state.c
index c9a988caa58b5d56ad535b4aae5cbc2d84962644..30438efe820f1dc5d1a9eabd897e70ec7439e556 100644 (file)
--- a/src/libvterm/src/state.c
+++ b/src/libvterm/src/state.c
@@ -17,11 +17,6 @@ static void putglyph(VTermState *state, const uint32_t chars[], int width, VTerm
 {
   VTermGlyphInfo info;
 
-  if (pos.row >= state->rows)
-  {
-    DEBUG_LOG2("libvterm: putglyph() pos.row %d out of range (rows = %d)\n", pos.row, state.rows);
-    return;
-  }
   info.chars = chars;
   info.width = width;
   info.protected_cell = state->protected_cell;
@@ -289,11 +284,6 @@ static int on_text(const char bytes[], size_t len, void *user)
 
   VTermPos oldpos = state->pos;
 
-  if (state->pos.row >= state->rows)
-  {
-    DEBUG_LOG2("libvterm: on_text() pos.row %d out of range (rows = %d)\n", state->pos.row, state->rows);
-    return 0;
-  }
   // We'll have at most len codepoints, plus one from a previous incomplete
   // sequence.
   codepoints = vterm_allocator_malloc(state->vt, (len + 1) * sizeof(uint32_t));
@@ -1856,8 +1846,12 @@ static int on_resize(int rows, int cols, void *user)
 
   if(state->pos.row >= rows)
     state->pos.row = rows - 1;
+  if(state->pos.row < 0)
+    state->pos.row = 0;
   if(state->pos.col >= cols)
     state->pos.col = cols - 1;
+  if(state->pos.col < 0)
+    state->pos.col = 0;
 
   updatecursor(state, &oldpos, 1);
 

diff --git a/src/version.c b/src/version.c
index b4e74825efcfb60d3103a85e27ee8f055d75e25e..aff20e13c43b26222c8fedd9959e76a29e221c36 100644 (file)
--- a/src/version.c
+++ b/src/version.c
@@ -754,6 +754,8 @@ static char *(features[]) =
 
 static int included_patches[] =
 {   /* Add new patch number below this line */
+/**/
+    1030,
 /**/
     1029,
 /**/